Hi

> 1. "Authorization: Bearer TOKEN_HERE“, what is „Bearer“ ? Is it the user
> name? Or just a constant name, which helps the plugin to work?

It's a constant name that is defined in OAuth 2.0 RFC:
https://tools.ietf.org/html/rfc6750

I don't know why it's also used with JWT. You can read more about how JWT is usually sent to server from here:
https://jwt.io/introduction/#how-do-json-web-tokens-work-

> 2. What does the „username_claim“ configuration parameter do? There are two
> options mentioned, „name“ and „sub“, but what do these options do?

The couch_wt_auth plugin creates a user context for the CouchDB. The user context is created with a username and list of roles. The configuration parameters 'username_claim' and 'roles_claim' specify what JWT claim/property is mapped to username and roles.

For example JWT could contain this payload:

    {
      "sub": "1234567890",
      "name": "John Doe",
      "roles": ["_admin", "dev"],
      "admin": true
    }

When couch_wt_auth is configured with username_claim=sub (sub is the default value) then CouchDB user context username is "1234567890". If couch_wt_auth is configured with username_claim=name then CouchDB user context username is "John Doe".

More information about different JWT claims:
https://tools.ietf.org/html/rfc7519#section-4.1

I hope this helps. If you have any questions, I will be happy to answer them.

Thanks,
Matti Eerola

On Tue, 8 Mar 2016 08:27:22 +0100 Martin Rudolph <[email protected]> wrote:

> Hi everybody,
>
> we like to use couch_wt_auth for authentication, but before we’d like to use
> it some questions came up on how everything works. I hope somebody could
> answer these questions here.
>
> 1. "Authorization: Bearer TOKEN_HERE“, what is „Bearer“ ? Is it the user
> name? Or just a constant name, which helps the plugin to work?
> 2. What does the „username_claim“ configuration parameter do? There are two
> options mentioned, „name“ and „sub“, but what do these options do?
>
> I hope someone could help to understand this plugin better, so we are able to
> use it!
>
> Regards
>
> Martin

--
Matti Eerola <[email protected]>
